Hacking the Grid – The ‘Smart Meter’ Syndrome

‘Smart’ as the New Stupid
More support for what we’ve been reporting for months: A wireless power grid mediated by ‘smart’ meters is a national security blunder of the highest order. A video and three recent articles.

VANCOUVER, British Columbia–(BUSINESS WIRE)–The vulnerability of the energy industry’s new wireless smart grid will inevitably lead to lights out for everyone, according to leading cyber expert David Chalk. In an online interview for an upcoming documentary film entitled ‘Take Back Your Power’ (www.ThePowerFilm.org), Chalk says the entire power grid will be at risk to being taken down by cyber attack, and if installations continue it’s only a matter of time.

“Unless we wake up and realize what we’re doing, there is 100% certainty of total catastrophic failure of the entire power infrastructure within 3 years”

“We’re in a state of crisis,” said Chalk. “The front door is open and there is no lock to be had. There is not a power meter or device on the grid that is protected from hacking – if not already infected – with some sort of trojan horse that can cause the grid to be shut down or completely annihilated.”

“One of the most amazing things that has happened to mankind in the last 100 years is the Internet. It’s given us possibility beyond our wildest imagination. But we also know the vulnerabilities that exist inside of it. And then we have the backbone, the power grid that powers our nations. Those two are coming together. And it’s the smart meter on your home or business that’s now allowing that connectivity.” Read more.

A series of hacks perpetrated against so-called “smart meter” installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in a cyber intelligence bulletin obtained by KrebsOnSecurity. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology….

…The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.

“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.”

The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage, while still providing electricity to the customer.

“This method is being used by some customers to disable the meter at night when air-conditioning units are operational. The magnets are removed during working hours when the customer is not home, and the meter might be inspected by a technician from the power company.”

“Each method causes the smart meter to report less than the actual amount of electricity used. The altered meter typically reduces a customer’s bill by 50 percent to 75 percent. Because the meter continues to report electricity usage, it appears be operating normally. Since the meter is read remotely, detection of the fraud is very difficult. A spot check of meters conducted by the utility found that approximately 10 percent of meters had been altered.”

“The FBI assesses with medium confidence that as Smart Grid use continues to spread throughout the country, this type of fraud will also spread because of the ease of intrusion and the economic benefit to both the hacker and the electric customer,” the agency said in its bulletin.

False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection; experts say current generation of smart meters are not secure enough against false data injection attacks

Circle the other day announced the results of a survey of 104 energy security professionals. The survey was sponsored by nCircle and EnergySec, a DOE-funded public-private partnership that works to enhance the cyber security of the electric infrastructure. The online survey was conducted between 12 March and 31 March 2012.